[cryptography] GeoTrust Launches GeoRoot; Allows Organizations with Their Own Certificate Authority (CA) to Chain to GeoTrust's Ubiquitous Public Root

Jeffrey Walton noloader at gmail.com
Mon Apr 6 02:59:55 EDT 2015


On Sun, Apr 5, 2015 at 6:25 PM, ITechGeek <itg at itechgeek.com> wrote:
> So does this mean Iran & the like can stop hacking CAs and buy their own
> Geotrust cert to MITM their population?
>
Yeah, its been around for a while. What's surprising is (or maybe not)
is the CA is still not constraining the organizations even though a
technical control is available to do so.

Do away with the independent third party that assesses the signing
request, don't bother with the security controls to limit impact of a
bad actor, and then allow the organization to operate on best
behavior. Sigh...


More information about the cryptography mailing list